CCNA MPLS and Segment Routing Questions

75 of 89 questions · Page 1/2 · MPLS and Segment Routing · Answers revealed

1
MCQ · hard

A service provider is migrating from LDP-based MPLS to Segment Routing (SR-MPLS) with IS-IS. After enabling SR on all routers, the adjacency segment IDs (ADJ-SIDs) are not being advertised. Which configuration is missing?

A. The `segment-routing mpls` command is not enabled under the IS-IS process
B. The router is running OSPF instead of IS-IS
C. The interface has the `isis adjacency-sid` command incorrectly configured
D. The loopback interface does not have an IP address configured
Answer: A

IS-IS requires the segment-routing mpls command under the IS-IS process to advertise SR capabilities.

Why this answer

In IS-IS, adjacency segment IDs are programmed only when a specific prefix-SID (e.g., the loopback) is configured and SR is enabled globally. Without an SR-capable IGP process on the interface, ADJ-SIDs are not allocated. The most common missing piece is the `segment-routing mpls` command under the IS-IS process.

2
Multi-Select · hard

Which THREE of the following are benefits of using Segment Routing over LDP in an MPLS network? (Choose three.)

Select 3 answers
A. Enables traffic engineering without RSVP-TE.
B. Reduces the number of protocols required in the network.
C. Eliminates the need for LDP and RSVP-TE in the core.
D. Provides inherent security against label spoofing.
E. Requires BGP-LU for label distribution.
Answers: A, B, C

Correct: SR-TE provides traffic engineering capabilities.

Why this answer

Option A is correct because Segment Routing (SR) can perform traffic engineering using SR-TE policies (via a controller or PCEP) or SR Flexible Algorithm, without requiring RSVP-TE. This eliminates the complexity of RSVP-TE's soft-state signaling and per-LSP state maintenance, relying instead on source-routed segment lists encoded in the packet header.

Exam trap

Cisco often tests the misconception that Segment Routing eliminates all security concerns or that it mandates BGP-LU, when in fact SR's security model is similar to traditional MPLS and BGP-LU is optional for specific use cases like inter-domain label distribution.

3
MCQ · easy

Which tool can verify connectivity along an MPLS Label Switched Path (LSP) and detect label loops?

A. SNMP
B. traceroute
C. MPLS LSP ping
D. ping
Answer: C

This is the dedicated OAM tool for LSP connectivity verification.

Why this answer

MPLS LSP ping sends MPLS echo request packets that traverse the LSP, verifying label forwarding and detecting loops.

4
MCQ · medium

A company is connecting two sites using MPLS L3VPN. The PE routers are running both LDP and Segment Routing (SR-MPLS) in the core. The CE router at Site A cannot reach the CE at Site B. On the PEs, the VRF routes are present. Which command would you use to verify the MPLS forwarding path for the VPN traffic?

A. show mpls ldp bindings
B. show ip route vrf VPN-A 10.1.1.0
C. show mpls forwarding-table vrf VPN-A 10.1.1.0
D. show bgp vpnv4 unicast labels
Answer: C

Displays the MPLS forwarding entry including the outgoing label stack and next hop.

Why this answer

To verify the MPLS forwarding path, including the label stack used for VPN traffic, the command `show mpls forwarding-table vrf <vrf-name> <prefix>` shows the outgoing labels and next hop. `show ip route vrf` only shows the IP route without labels. `show mpls ldp bindings` shows LDP bindings but not per-prefix forwarding. `show bgp vpnv4 unicast labels` shows the VPN labels but not the transport labels.

5
MCQ · medium

A network engineer is configuring an MPLS L3VPN on a PE router. The VRF is configured with route-target import/export. The PE and CE are running eBGP. The CE advertises routes to the PE, and the PE installs them in the VRF routing table. However, the remote PE does not receive these routes via BGP VPNv4. The local PE's BGP table shows the VPNv4 prefixes with the correct next hop and label. The remote PE's BGP table shows no such prefixes. The IGP between the PEs is working, and MPLS LSPs are up. What is the most likely cause and correct action?

A. Enable the 'soft-reconfiguration inbound' command
B. Reset the BGP session between the PEs
C. Check the MTU on the link between the PEs
D. Check the route-target import/export configuration on both PEs and ensure they match
Answer: D

If route-target export does not match the import, the remote PE will discard the route.

Why this answer

Despite the local PE having the routes in BGP VPNv4, the remote PE does not receive them. This often indicates that the route-target export on the local PE does not match the route-target import on the remote PE, or that the VPNv4 session is not correctly configured. Since the local PE shows the prefixes in its BGP VPNv4 table, they are being advertised to the BGP peer, but the remote PE's import policy filters them due to mismatched RT.

The correct action is to verify the route-target configuration on both PEs.

6
MCQ · hard

A service provider has a network with PE1, P1, P2, and PE2 connected in a chain: PE1-P1-P2-PE2. The IGP is IS-IS with wide metrics, and MPLS LDP is enabled on all interfaces. The goal is to provide L3VPN services between PE1 and PE2. The engineer has configured MP-iBGP between PE1 and PE2, and the VPNv4 routes are exchanged. However, when a CE router behind PE1 tries to reach the CE behind PE2, the traffic fails. The engineer checks the MPLS forwarding table on PE1 and sees that the label for the BGP next-hop (PE2's loopback) is 'Untagged'. The BGP next-hop is reachable via ICMP. What is the most likely cause of this issue?

A. The IS-IS metric between PE1 and P1 is too high, causing suboptimal routing.
B. The MPLS TTL propagation is disabled, causing packets to be dropped.
C. LDP is not enabled on the interface between PE1 and P1.
D. The MTU on the link between PE1 and P1 is set to 1500, causing fragmentation.
Answer: C

Without LDP, no label is received from P1 for the BGP next-hop.

Why this answer

The MPLS forwarding table on PE1 shows the label for PE2's loopback as 'Untagged', which indicates that LDP has not assigned a label for that prefix on the incoming interface. Since LDP is responsible for distributing labels for IGP routes (like loopbacks) in an MPLS LDP-enabled network, the missing label means LDP is not operational on the link between PE1 and P1. Without a label, PE1 cannot push an MPLS label for the BGP next-hop, causing the VPNv4 traffic to be dropped or forwarded as IP, which fails because the core routers (P1, P2) do not have the VPN route.

Exam trap

Cisco often tests the distinction between BGP route exchange (which works) and MPLS label assignment (which fails), leading candidates to incorrectly focus on routing protocol issues or MTU/TTL parameters instead of verifying LDP adjacency and label bindings.

How to eliminate wrong answers

Option A is wrong because a high IS-IS metric would affect path selection but would not cause the BGP next-hop label to be 'Untagged'; LDP still assigns labels regardless of metric values. Option B is wrong because disabling MPLS TTL propagation affects TTL handling in the MPLS header but does not prevent label assignment or cause an 'Untagged' entry in the forwarding table. Option D is wrong because an MTU of 1500 is standard and would not cause the label to be missing; fragmentation issues would manifest as packet drops after label imposition, not as a missing label in the forwarding table.

7
Multi-Select · medium

Which TWO statements about MPLS label switching are correct? (Choose two.)

Select 2 answers
A. The transit LSR performs label swapping.
B. The CE receives a frame with an MPLS label.
C. The ingress LSR imposes a label on the packet.
D. PHP (Penultimate Hop Popping) causes the egress router to pop the label.
E. The egress LSR performs label swapping before forwarding.
Answers: A, C

Correct: Transit routers swap the incoming label with an outgoing label.

Why this answer

Option A is correct because a transit Label Switch Router (LSR) in an MPLS network performs label swapping: it receives a labeled packet, replaces the incoming label with an outgoing label from its LFIB (Label Forwarding Information Base), and forwards the packet toward the egress LSR. This is the fundamental operation of an LSR in the core of an MPLS domain, as defined in RFC 3031.

Exam trap

Cisco often tests the distinction between which router performs label popping in PHP (penultimate hop vs. egress) and which router swaps labels (transit LSR vs. egress LSR), leading candidates to confuse the roles of the penultimate and egress routers.

8
Multi-Select · hard

Which three features are unique to Segment Routing when compared to traditional MPLS with LDP? (Choose three)

Select 3 answers
A. Source-based path selection
B. TI-LFA fast convergence
C. Stateful TE tunnels
D. Network-wide label range (SRGB)
E. Centralized controller (PCE) requirement
Answers: A, B, D

SR uses source routing where the path is encoded in the packet header.

Why this answer

Source-based path selection, SRGB, and TI-LFA are inherent to SR and not present in LDP-based MPLS. Stateful TE tunnels exist in RSVP-TE, and PCE is optional for SR.

9
MCQ · easy

An engineer is deploying MPLS in the core and wants to ensure that all core routers use the same label for a specific prefix, regardless of which router originated it. Which MPLS label allocation mode should be used?

A. Per-interface label mode
B. Per-next-hop label mode
C. Per-prefix label mode
D. Per-VRF label mode
Answer: C

Per-prefix allocates one label per prefix, ensuring same label across all routers.

Why this answer

Per-prefix label mode (option C) is correct because it assigns a single label for a specific prefix across all core routers, regardless of which router originated the route. This ensures label consistency, which is critical for proper MPLS forwarding and troubleshooting. In contrast, per-next-hop or per-interface modes would create different labels for the same prefix based on the next hop or interface, breaking the requirement for uniform label allocation.

Exam trap

Cisco often tests the distinction between per-prefix and per-next-hop label modes, and the trap here is that candidates confuse per-next-hop (which creates multiple labels for the same prefix) with per-prefix, thinking that per-next-hop ensures consistency when it actually does the opposite.

How to eliminate wrong answers

Option A is wrong because per-interface label mode assigns a unique label per interface for each FEC, which would cause the same prefix to have different labels on different interfaces, not a single label across all routers. Option B is wrong because per-next-hop label mode allocates a label per next hop for a given prefix, leading to multiple labels for the same prefix if multiple next hops exist, violating the requirement for a single label. Option D is wrong because per-VRF label mode is used in MPLS VPNs to assign a label per VRF, not per prefix, and would not ensure a single label for a specific prefix across the core.

10
MCQ · medium

A service provider is deploying MPLS L3VPN and notices that BGP next-hop resolution for VPNv4 routes fails on the PE routers. The PE routers are running OSPF as the IGP and have loopback interfaces used for LDP and BGP peering. Which configuration change should the engineer implement to ensure that the BGP next-hop is reachable?

A. Configure 'neighbor x.x.x.x update-source loopback0' under the BGP router configuration.
B. Configure 'neighbor x.x.x.x allowas-in 1' under the BGP VRF configuration.
C. Apply the 'neighbor x.x.x.x next-hop-self' command under the BGP VRF configuration.
D. Increase the 'maximum-paths' value under the BGP address-family VPNv4.
Answer: A

This ensures BGP uses the loopback as the source IP, making the next-hop reachable via IGP.

Why this answer

The BGP next-hop for VPNv4 routes is typically the loopback interface of the remote PE router. For BGP to consider the next-hop reachable, the local PE must have an IGP route to that loopback address. The 'neighbor x.x.x.x update-source loopback0' command ensures that BGP uses the loopback interface as the source IP for the TCP session, which aligns the BGP peering address with the IGP-advertised loopback, making the next-hop reachable via OSPF.

Exam trap

Cisco often tests the distinction between BGP session establishment (which requires reachability to the neighbor's IP) and BGP next-hop resolution (which requires reachability to the next-hop address carried in the route); candidates confuse these two separate requirements and incorrectly apply 'next-hop-self' or 'allowas-in'.

How to eliminate wrong answers

Option B is wrong because 'allowas-in' permits the local AS to appear in the AS_PATH, which is used for route acceptance in VRF contexts, not for next-hop resolution. Option C is wrong because 'next-hop-self' changes the next-hop to the local PE's address on routes sent to a BGP neighbor, but the issue is that the original next-hop (remote PE loopback) is unreachable due to IGP routing, not that the next-hop needs to be changed. Option D is wrong because 'maximum-paths' controls the number of equal-cost paths for load balancing, not next-hop reachability.

11
MCQ · hard

A large service provider runs a dual-stack MPLS core with Segment Routing (SR-MPLS) and IS-IS as the IGP. The network has been operating stably for months. Recently, a new PE router (PE-5) was added and configured with IS-IS and SR. After the addition, some remote prefixes in the VRF on other PEs become unreachable. Troubleshooting reveals that the BGP next hop for those prefixes is the loopback of another PE (PE-3), but the MPLS forwarding table on PE-3 shows no label for the prefix. The IS-IS database on PE-3 shows the prefix-SID for PE-5's loopback, but the forwarding table does not have a label for that prefix. Commands like 'show mpls forwarding-table' show no entry for PE-5's loopback. What is the most likely cause and correct action?

A. Clear the IS-IS adjacency between PE-3 and PE-5
B. Enable MPLS on the interface connecting to PE-5
C. Check and adjust the SRGB configuration on PE-5 to match the range used by other routers
D. Configure BGP to redistribute IS-IS routes into BGP
Answer: C

If SRGB ranges are mismatched, the label allocated may be invalid, causing the forwarding entry not to be installed.

Why this answer

The issue is that PE-3 does not have a label for PE-5's loopback because the prefix-SID for PE-5 is not programmed in the LFIB. This commonly happens when the SRGB (Segment Routing Global Block) on PE-5 does not overlap with PE-3's SRGB, or when the label index is not configured correctly. Since the IS-IS database shows the prefix-SID, the IGP is advertising it, but the label may be out of range.

The correct action is to check and align the SRGB configuration on all routers. Option B (clear IS-IS adjacency) is a generic reset that might not fix the underlying mismatch. Option C (enable MPLS on the interface) is already done if LDP was used, but SR uses IGP, not LDP. Option D (redistribute into BGP) is not relevant.

12
MCQ · hard

Refer to the exhibit. The output shows an MPLS forwarding entry with FRR protection. What is the purpose of the backup path shown?

A. To handle penultimate hop popping for the primary path.
B. To forward traffic if the primary outgoing interface fails.
C. To provide a load-balancing alternative for the primary path.
D. To carry the VPN label separately.
Answer: B

The backup path activates when primary fails, ensuring fast convergence.

Why this answer

The backup path is used when the primary next-hop fails, providing fast reroute. Option A is incorrect because the VPN label is still present. Option C is incorrect because FRR does not create a load-balancing group. Option D is incorrect because the backup path is not for PHP; PHP is for the penultimate hop.

13
MCQ · easy

A service provider is designing a greenfield MPLS core and wants to minimize control-plane complexity while still supporting traffic engineering. They plan to use Segment Routing with MPLS. Which statement about Segment Routing in this context is accurate?

A. Segment Routing only works with IPv6 data plane.
B. Segment Routing uses RSVP-TE for label distribution.
C. Segment Routing reduces the number of protocols required in the core.
D. Segment Routing requires TI-LFA to be enabled for traffic engineering.
Answer: C

SR eliminates LDP and RSVP-TE, relying only on an IGP with SR extensions, thus reducing protocol complexity.

Why this answer

Option C is correct because Segment Routing (SR-MPLS) eliminates the need for a separate label distribution protocol like LDP or RSVP-TE. The MPLS labels are derived directly from the IGP (IS-IS or OSPF) extensions, reducing control-plane complexity while still enabling traffic engineering via SR-TE policies and flexible path computation.

Exam trap

Cisco often tests the misconception that Segment Routing requires a separate label distribution protocol like LDP or RSVP-TE, when in fact it uses IGP extensions (IS-IS or OSPF) to distribute labels, reducing protocol complexity.

How to eliminate wrong answers

Option A is wrong because Segment Routing supports both MPLS (SR-MPLS) and IPv6 (SRv6) data planes; it is not limited to IPv6. Option B is wrong because SR-MPLS does not use RSVP-TE for label distribution; labels are signaled via IGP extensions (IS-IS or OSPF) with the Segment Routing extensions, not via RSVP-TE. Option D is wrong because TI-LFA (Topology Independent Loop-Free Alternate) is a fast-reroute mechanism that can be used with SR but is not required for traffic engineering; SR-TE can be achieved using explicit paths or SR policies without TI-LFA.

14
Matching · medium

Match each IS-IS term to its definition.


Concepts
Matches

Link State PDU containing routing information

Designated Intermediate System on a broadcast network

Network Service Access Point, the IS-IS address

Subnetwork Point of Attachment, e.g., MAC address

IS-IS Hello PDU used for neighbor discovery

Why these pairings

These are core IS-IS protocol concepts for service provider routing.

15
MCQ · hard

A service provider has deployed Segment Routing (SR-MPLS) with OSPF as the IGP. They enabled TI-LFA for link protection. During a maintenance window, they shut down a core link between two P routers. Expected behavior is that TI-LFA should provide sub-50ms failover. However, after the shutdown, traffic loss exceeds 10 seconds. Analysis shows that the backup path uses a segment list that includes a node SID from a router that is currently unreachable due to the same failure. The TI-LFA backup path calculation appears to have included a node that is dependent on the failed link. What design issue is most likely causing this?

A. Increase the prefix-SID index on all routers to avoid conflicts
B. Configure the backup path to use adjacency SIDs instead of node SIDs
C. Reduce the IGP metric on the backup links to ensure they are perceived as shorter paths
D. Disable TI-LFA and rely on LFA
Answer: B

Adjacency SIDs are link-specific and do not depend on the reachability of a node that may be affected by the failure.

Why this answer

TI-LFA calculates backup paths using the post-convergence topology. If the backup path includes a node that is only reachable through the failed link, it means the TI-LFA calculation did not properly exclude nodes that are dependent on the failure. This can happen if the IGP metric on the backup path is not properly set, or if the router does not consider remote node failures correctly.

The correct action is to ensure that the IGP metric on the backup path is lower than the direct path, or to implement microloop avoidance. Alternatively, TI-LFA may need to use adjacency SIDs instead of node SIDs for the backup path.

16
MCQ · medium

An engineer is troubleshooting MPLS label switching in a service provider core. They notice that packets are being forwarded correctly between provider edge routers, but when they check the MPLS forwarding table on a P router, they see only implicit-null labels for some destinations. What is the most likely reason for this?

A. The router is using explicit-null label due to security policies.
B. The router has a directly connected neighbor that is the egress LER.
C. The router is misconfigured to use implicit-null for all labels.
D. The router is performing penultimate hop popping (PHP) incorrectly.
Answer: B

Implicit-null is used in PHP; the egress LER advertises it to the penultimate hop.

Why this answer

Implicit-null (label 3) is advertised when the next-hop router is directly connected and wants to trigger PHP. This is normal behavior. Option B is incorrect because implicit-null is not a sign of misconfiguration. Option C is incorrect because explicit-null is label 0. Option D is incorrect because PHP is standard.

17
MCQ · medium

Refer to the exhibit. An engineer configured Segment Routing on a router. However, the router does not advertise a Prefix-SID for the loopback0 interface. What is the most likely reason?

A. The loopback is not included in any OSPF network statement.
B. The 'prefix-sid index' command is not associated with the loopback prefix; it should be configured under the OSPF process for that specific prefix.
C. The 'segment-routing mpls' command is missing under the loopback interface.
D. The 'mpls ip' command is missing on the loopback interface.
Answer: B

The prefix-sid index under OSPF is generic; it needs to be tied to the specific prefix, e.g., 'prefix-sid index 100 192.168.1.1/32'.

Why this answer

The correct answer is B because in Cisco IOS XR, the 'prefix-sid index' command must be configured under the OSPF process for the specific prefix (e.g., 'prefix-sid index 100' under 'router ospf 1' for the loopback0 prefix). Configuring it under the interface does not associate the SID with the prefix in OSPF's link-state database, so the router will not advertise the Prefix-SID. The exhibit shows the command under the loopback interface, which is incorrect for OSPF Segment Routing.

Exam trap

Cisco often tests the distinction between interface-level and protocol-level configuration for Segment Routing, trapping candidates who assume the 'prefix-sid index' command belongs on the interface (like MPLS or IPv6 commands) rather than under the OSPF or IS-IS process.

How to eliminate wrong answers

Option A is wrong because OSPF network statements are not required for loopback interfaces; loopbacks are automatically advertised as stub networks if the interface is enabled under OSPF. Option C is wrong because 'segment-routing mpls' is a global command that enables Segment Routing MPLS on the router, not an interface-level command; it is not missing on the loopback. Option D is wrong because 'mpls ip' is used for LDP, not for Segment Routing; Segment Routing does not require MPLS IP on the interface for Prefix-SID advertisement.

18
MCQ · medium

Based on the exhibit, which prefix is missing a label binding and likely causing traffic to be dropped?

A. 10.2.2.0/24
B. 10.1.1.0/24
C. 10.4.4.0/24
D. 10.3.3.0/24
E. 10.5.5.0/24
Answer: C

'No Label' means no label binding exists; traffic to this prefix will be dropped.

Why this answer

The prefix 10.4.4.0/24 has 'No Label', indicating the router has not learned a label from the next-hop for that FEC. This can cause labeled packets to that prefix to be dropped.

19
MCQ · hard

A network engineer notices that BGP-LU prefixes learned from an eBGP neighbor are not being installed in the MPLS forwarding table (LFIB). The BGP table shows the prefixes with the correct label. The IGP route to the neighbor is reachable. What additional configuration is needed?

A. Enable `no bgp default ipv4-unicast`
B. Configure `mpls ldp autoconfig` on the interface
C. Add `allowas-in` to accept routes with AS-path containing own AS
D. Set `label mode per-prefix` under the BGP neighbor or address-family
Answer: D

BGP-LU requires per-prefix label allocation for LFIB installation.

Why this answer

For BGP-LU to install labels into LFIB, the `label mode` must be set to `per-prefix` or the router must have `mpls bgp forwarding` enabled. Without enabling label allocation per prefix, BGP-LU prefixes are not programmed in LFIB. The other options are not directly related.

20
MCQ · easy

A network architect is designing an MPLS network that must provide fast convergence in case of a link failure. The network uses Segment Routing. Which mechanism provides sub-50ms protection by using a precomputed backup path?

A. BFD (Bidirectional Forwarding Detection)
B. TI-LFA (Topology-Independent Loop-Free Alternate)
C. LFA (Loop-Free Alternate)
D. LDP FRR
Answer: B

TI-LFA uses segment lists to guarantee backup path regardless of topology.

Why this answer

TI-LFA (Topology-Independent Loop-Free Alternate) with Segment Routing provides fast reroute by computing a backup path using segment lists that avoid the failed link. LFA provides protection but is not always topology-independent. LDP FRR is older. BFD is a detection mechanism, not protection.

21
Multi-Select · medium

Which TWO are benefits of using Segment Routing (SR) over traditional LDP-based MPLS?

Select 2 answers
A. Eliminates the need for LDP and RSVP-TE protocols.
B. Requires only OSPF as the IGP.
C. Reduces label imposition at the ingress PE.
D. Faster convergence due to BGP PIC.
E. Supports traffic engineering without RSVP-TE.
Answers: A, E

SR uses IGP to distribute labels, removing LDP and RSVP-TE.

Why this answer

Option A is correct because Segment Routing (SR) eliminates the need for the Label Distribution Protocol (LDP) and Resource Reservation Protocol with Traffic Engineering (RSVP-TE) by encoding MPLS labels directly into the Interior Gateway Protocol (IGP), such as OSPF or IS-IS. This simplifies the control plane by removing these protocols entirely, reducing operational complexity and resource overhead.

Exam trap

Cisco often tests the misconception that Segment Routing requires a specific IGP (like OSPF only) or that it reduces label imposition, when in fact SR is IGP-agnostic and label depth depends on the path encoding, not the protocol itself.

22
MCQ · medium

A network engineer is troubleshooting MPLS L3VPN issues on a PE router. The CE router is receiving routes from the PE, but the CE cannot ping the remote CE. The PE shows the remote prefix in its routing table and in the VRF. What is the most likely cause?

A. The VRF route-target import/export is misconfigured
B. The MTU on the core links is too small
C. The RD is different on the two PEs
D. The LSP between the PEs is not operational
Answer: D

The LSP must be up to forward MPLS-encapsulated packets between PEs.

Why this answer

If the PE has the route in the VRF but the label-switched path (LSP) to the remote PE is down or nonexistent, the packet cannot be forwarded. The most common issue is that the LSP (e.g., via LDP or Segment Routing) is broken. Other options like wrong RT/RD or MTU would cause different symptoms.

23
MCQ · hard

A service provider is implementing Segment Routing over IPv6 (SRv6) in their core. They want to provide path isolation for different services using SRv6 SIDs. Which SID structure is used to encode both the locator and the function?

A. The SID is divided into locator and function (and optionally arguments).
B. The SID uses a separate label stack for function encoding.
C. The SID is an IPv6 address without any encoding.
D. The SID consists of a prefix only.
Answer: A

SRv6 SID is structured as Locator:Function:Args.

Why this answer

An SRv6 SID is 128 bits; the locator is the prefix portion, and the function is the remaining bits. Option A is incorrect because the prefix is the locator. Option C is incorrect because the SRv6 SID includes both. Option D is incorrect because the argument is optional and part of the function.

24
MCQ · easy

An engineer is configuring an MPLS Traffic Engineering tunnel using RSVP-TE. The tunnel is intended to carry voice traffic with strict delay requirements. Which RSVP-TE object should be used to enforce a maximum delay path?

A. Enable 'record-route' on the tunnel
B. Configure 'fast-reroute' protection
C. Specify an explicit-path (ERO) manually
D. Use the 'path-option' with 'metric delay' under the tunnel
Answer: D

This allows CSPF to use delay as the metric for path computation.

Why this answer

The 'path-option with metric delay' command instructs RSVP-TE to compute a path that minimizes cumulative delay rather than IGP cost or hop count. This directly enforces a maximum delay constraint for voice traffic by selecting the path with the lowest measured or configured delay metric across the MPLS network.

Exam trap

Cisco often tests the distinction between path selection tools (like metric types) and path recording or protection mechanisms, leading candidates to confuse 'record-route' or 'fast-reroute' with delay enforcement.

How to eliminate wrong answers

Option A is wrong because 'record-route' merely logs the actual path taken by the tunnel for troubleshooting or loop detection; it does not influence path selection or enforce delay constraints. Option B is wrong because 'fast-reroute' provides local protection against link or node failures by pre-signaling backup tunnels, but it does not impose a delay requirement on the primary path. Option C is wrong because manually specifying an explicit-path (ERO) forces a fixed sequence of hops, which may not be the lowest-delay path and requires static engineering; it does not dynamically enforce a delay metric.

25
MCQ · easy

A service provider is designing a new MPLS core network and wants to simplify traffic engineering without deploying a centralized controller. Which technology should be used to enable source-routed paths with explicit path control?

A. BGP-LU
B. LDP
C. RSVP-TE
D. Segment Routing (SR-MPLS)
Answer: D

SR-MPLS enables source routing with segment lists, supporting traffic engineering without a controller.

Why this answer

Segment Routing (SR-MPLS) allows source routing by encoding paths as a list of segment IDs, enabling traffic engineering without a centralized controller. LDP only distributes labels for shortest-path forwarding. BGP-LU is for inter-domain label distribution. RSVP-TE requires a centralized controller.

26
Matching · medium

Match each Ethernet OAM protocol to its function.


Concepts
Matches

Connectivity Fault Management for end-to-end Ethernet OAM

Performance monitoring including delay and loss measurement

Ethernet in the First Mile OAM for link-level monitoring

Link Aggregation Control Protocol for bundling links

Link Layer Discovery Protocol for neighbor discovery

Why these pairings

These are Ethernet OAM and management protocols used in service provider access.

27
MCQ · easy

Which protocol is typically used to distribute MPLS labels between directly connected LSRs?

A. LDP
B. RSVP
C. BGP
D. OSPF
Answer: A

LDP is specifically designed to distribute labels for MPLS forwarding.

Why this answer

LDP (Label Distribution Protocol) is the standard protocol used to distribute MPLS labels between directly connected LSRs (Label Switch Routers) in a non-traffic-engineered MPLS network. It operates by establishing LDP sessions over TCP (port 646) and exchanging label mappings for each FEC (Forwarding Equivalence Class) based on the underlying IGP routing table, enabling hop-by-hop label switching without requiring explicit path setup.

Exam trap

Cisco often tests the distinction between label distribution protocols (LDP) and routing protocols (OSPF, BGP) or signaling protocols (RSVP), trapping candidates who confuse the role of RSVP-TE for traffic engineering with the basic label distribution function of LDP.

How to eliminate wrong answers

Option B (RSVP) is wrong because RSVP is used for traffic engineering (RSVP-TE) to reserve bandwidth and establish explicit paths, not for basic label distribution between directly connected LSRs; it requires signaling of path and reservation messages and is more complex than LDP. Option C (BGP) is wrong because BGP distributes labels for VPN or inter-AS MPLS services (e.g., labeled unicast or VPNv4 routes) but does not handle label distribution for directly connected LSRs in the core; it relies on LDP or RSVP-TE for the underlying LSP. Option D (OSPF) is wrong because OSPF is an IGP that distributes routing information, not labels; while OSPF can carry opaque LSAs for traffic engineering (OSPF-TE), it does not perform label distribution itself.

28
MCQhard

Refer to the exhibit. A PE router in an MPLS L3VPN network shows the above output. The VRF CUSTOMER contains two routes. Which statement about forwarding for these routes is true?

A.Both routes are reachable via MPLS.
B.Traffic to 10.1.1.0/24 will be label-switched with an implicit null label.
C.Traffic to 10.2.2.0/24 will be forwarded using the BGP next hop label.
D.Traffic to 10.2.2.0/24 will be forwarded using IP routing.
AnswerB

'Pop' means implicit-null label (label 3), which is popped by the penultimate hop.

Why this answer

The output shows that for the VRF CUSTOMER, the route to 10.1.1.0/24 has a next hop of 192.168.1.2 and is associated with label 3 (implicit null). In MPLS L3VPN, label 3 instructs the upstream router to pop the MPLS label and forward the packet using IP routing to the directly connected next hop. Therefore, traffic to 10.1.1.0/24 will be label-switched with an implicit null label, meaning the label is removed before forwarding to the CE router.

Exam trap

Cisco often tests the distinction between implicit null (label 3) and explicit null (label 0), and the trap here is that candidates assume any route with a label in the VRF table is fully MPLS-switched end-to-end, not realizing that label 3 means the label is popped before the final hop.

How to eliminate wrong answers

Option A is wrong because not both routes are reachable via MPLS; the route to 10.1.1.0/24 uses implicit null (label 3), which means the MPLS label is popped before forwarding, so the packet is not MPLS-switched on the final hop. Option C is wrong because traffic to 10.2.2.0/24 will be forwarded using the BGP next hop label (label 16000), not an implicit null label; the output shows label 16000 for that route. Option D is wrong because traffic to 10.2.2.0/24 will be forwarded using MPLS label switching (label 16000), not IP routing, as indicated by the presence of a non-null label in the VRF table.

29
MCQhard

Refer to the exhibit. An operator configures an SR-TE policy on a headend router. Which statement is true about the traffic steered into this policy?

A.The segment-list consists of adjacency-SIDs
B.The path is automatically computed using CSPF based on IGP metrics
C.Traffic is forwarded using MPLS LDP labels
D.The headend will impose a label stack containing labels 16000, 16001, and 16002
AnswerD

Explicit segment-lists define the ordered list of labels.

Why this answer

The correct answer is D because the SR-TE policy uses a segment-list with three labels (16000, 16001, 16002), which are MPLS labels assigned to prefix-SIDs for specific nodes. The headend imposes this label stack to steer traffic along the explicit path defined by the segment-list, ensuring strict source routing without relying on dynamic CSPF computation or LDP.

Exam trap

Cisco often tests the distinction between explicit segment-lists (which require manual label configuration) and dynamic path computation (CSPF), leading candidates to mistakenly assume CSPF is always used in SR-TE policies.

How to eliminate wrong answers

Option A is wrong because the segment-list consists of prefix-SIDs (labels 16000, 16001, 16002), not adjacency-SIDs; adjacency-SIDs are typically local and used for link-level forwarding, not for node-to-node path segments. Option B is wrong because the path is explicitly defined by the segment-list, not automatically computed using CSPF; SR-TE policies can use explicit paths or dynamic paths, but the exhibit shows an explicit segment-list. Option C is wrong because traffic is forwarded using MPLS labels from the segment-list (prefix-SIDs), not LDP labels; SR-TE uses segment routing labels, and LDP is not involved unless interworking is configured.

30
Multi-Selecteasy

Which two statements about MPLS label operations are true? (Choose two.)

Select 2 answers
A.Push operation can only add one label at a time.
B.Pop operation can remove multiple labels at once.
C.Push operation adds a label to the packet.
D.Swap operation removes and replaces two labels.
E.Pop operation removes the top label and may be triggered by implicit-null.
AnswersC, E

Push adds an MPLS header.

Why this answer

C correct: push is adding a label. E correct: pop is removing exactly one label, and PHP uses implicit-null. D wrong: swap replaces label. A wrong: push adds one or more. B wrong: pop removes exactly one, not multiple at once (except in PHP).

31
MCQeasy

Refer to the exhibit. The show command output displays the LDP neighbor state. What does the 'Downstream' label mode indicate about label distribution?

A.Labels are sent only to the peer that advertises the prefix.
B.Labels are only distributed when explicitly requested.
C.The neighbor must request labels via a Label Request message.
D.Labels are advertised to all neighbors without a request.
AnswerD

Downstream mode means unsolicited label advertisement.

Why this answer

Downstream label mode means the router advertises labels to its neighbors without being asked. Option A is incorrect because downstream-on-demand sends labels only when requested. Option C is incorrect because unsolicited downstream is the same as downstream.

Option D is incorrect because DoD is not shown.

32
MCQhard

In an MPLS L3VPN network with route reflectors, what is the default behavior regarding the BGP next-hop attribute for reflected VPNv4 routes?

A.It sets the next-hop to 0.0.0.0.
B.It removes the next-hop attribute.
C.It sets the next-hop to the route reflector's loopback.
D.It leaves the next-hop unchanged from the originating PE.
AnswerD

Route reflectors preserve the next-hop attribute.

Why this answer

Route reflectors do not modify the next-hop attribute by default; it remains the originating PE's loopback.

33
MCQmedium

Refer to the exhibit. A network engineer is configuring a segment routing traffic engineering policy. The output shows two candidate paths. Why is path1 selected as the active path even though path2 has a bandwidth constraint?

A.path1 has a shorter segment list.
B.path2 is down due to insufficient bandwidth.
C.path1 is explicit and always preferred over dynamic paths.
D.path2 has a lower preference value.
AnswerD

path2 has preference 100, lower than path1's 200; the higher preference wins.

Why this answer

The active path is determined by the highest preference. Path1 has preference 200, which is higher than path2's 100. Option A is incorrect because path1 is explicit, not dynamic.

Option B is incorrect because both paths can be up. Option C is incorrect because color is same for both.

34
MCQeasy

An engineer is designing an MPLS network and needs to ensure that VPN traffic between two PE routers is label-switched. The PE routers are connected via a P router and have a full mesh of iBGP sessions. Which label distribution method is required for the VPN labels?

A.Segment Routing
B.MP-BGP
C.RSVP-TE
D.LDP
AnswerB

MP-BGP carries VPNv4 routes with MPLS labels.

Why this answer

In MPLS VPN architectures, VPN labels (also known as service labels) are distributed using Multiprotocol BGP (MP-BGP). MP-BGP carries VPN-IPv4 routes that include both the route distinguisher (RD) and the VPN label in the Network Layer Reachability Information (NLRI). This allows PE routers to exchange per-VRF label bindings, enabling label-switched VPN traffic across the MPLS core.

Without MP-BGP, the PE routers cannot signal the VPN-specific labels required for end-to-end label switching.

Exam trap

Cisco often tests the distinction between transport labels (distributed by LDP or RSVP-TE) and service labels (distributed by MP-BGP), leading candidates to incorrectly choose LDP or RSVP-TE for VPN label distribution.

How to eliminate wrong answers

Option A is wrong because Segment Routing (SR) is a source-routing paradigm that can be used for transport label distribution (e.g., SR-MPLS), but it does not distribute VPN service labels; VPN labels still require MP-BGP. Option C is wrong because RSVP-TE is a signaling protocol for traffic-engineered LSPs and is used for transport label distribution, not for VPN service labels. Option D is wrong because LDP distributes transport labels (IGP next-hop labels) for the MPLS core, but it cannot carry VPN-IPv4 routes or VPN labels; VPN label distribution is exclusively handled by MP-BGP.

35
MCQhard

What does the output indicate about the TI-LFA protection on R1?

A.All prefixes have backup paths.
B.Only 1 prefix has a backup path.
C.0 prefixes have backup paths.
D.2 prefixes have backup paths.
AnswerB

The line 'Number of prefixes with backup paths: 1' confirms this.

Why this answer

The output shows that only one prefix has a backup path. Node protection is enabled, and SRLG protection is disabled.

36
Multi-Selectmedium

Which three are required components for deploying Segment Routing in an MPLS network? (Choose three.)

Select 3 answers
A.RSVP-TE signaling protocol
B.MPLS forwarding capability on routers
C.Node-SID and Adj-SID assignments
D.IGP with Segment Routing extensions (OSPF or IS-IS)
E.LDP for label distribution
AnswersB, C, D

Routers must support MPLS forwarding to process labels.

Why this answer

D correct: IGP must be extended with Segment Routing extensions (OSPF or IS-IS). C correct: Node-SID and Adj-SID are the basic SID types. B correct: MPLS forwarding plane is needed to forward labeled packets. A is optional for traffic engineering. E is not an SR component; it's for RSVP-TE.

37
MCQmedium

Refer to the exhibit. An engineer notices that R1 has an LDP neighbor but 'show mpls forwarding-table' on R1 shows no label bindings for prefixes learned from R2. What is the most likely cause?

A.The LDP discovery source is incorrect
B.The peer LDP identifier is not reachable
C.LDP session is not established
D.R1 is configured for 'label distribution on-demand'
AnswerD

Downstream on-demand means labels are not sent until requested; if no request, no labels.

Why this answer

R1 shows an LDP neighbor (session is up) but no label bindings for prefixes from R2. This occurs when R1 is configured for 'label distribution on-demand' (RFC 5036), meaning it only requests label bindings for prefixes in its routing table, not all prefixes from the peer. Since R1 has not yet needed those specific prefixes, it has not requested labels, so the forwarding table remains empty.

Exam trap

Cisco often tests the distinction between LDP session state (neighbor adjacency) and label binding exchange, tricking candidates into thinking a working session guarantees label bindings, when in fact 'label distribution on-demand' can suppress label advertisements.

How to eliminate wrong answers

Option A is wrong because the LDP discovery source being incorrect would prevent neighbor discovery entirely, but the exhibit shows an LDP neighbor is present, so discovery is working. Option B is wrong because if the peer LDP identifier were not reachable, the LDP session would not establish; the exhibit confirms a session exists, so reachability is fine. Option C is wrong because the LDP session is established (neighbor is shown), so the session is not the issue; the problem is specifically with label binding exchange, not session state.

38
MCQhard

A service provider is deploying a new MPLS core with Segment Routing and requires fast convergence upon link failure. They plan to use TI-LFA (Topology Independent Loop-Free Alternate). What is a prerequisite for TI-LFA to provide protection against any single link failure?

A.IGP must be a link-state protocol with complete topology information (OSPF or IS-IS).
B.BGP-LU must be enabled for label distribution.
C.LDP must be enabled on all interfaces.
D.RSVP-TE must be configured with FRR.
AnswerA

TI-LFA uses the link-state database to compute backup paths.

Why this answer

TI-LFA relies on the IGP having a complete view of the network topology to compute a post-convergence path that avoids the failed link. OSPF and IS-IS are link-state protocols that flood link-state advertisements (LSAs) or link-state packets (LSPs) to provide this full topology database, which is essential for TI-LFA to calculate a loop-free backup path for any single link failure.

Exam trap

Cisco often tests the misconception that TI-LFA requires LDP or RSVP-TE, but the key prerequisite is a link-state IGP (OSPF or IS-IS) with complete topology information, as TI-LFA is a Segment Routing feature that uses IGP-based SIDs for path computation.

How to eliminate wrong answers

Option B is wrong because BGP-LU (BGP Labeled Unicast) is used for inter-domain label distribution and does not provide the link-state topology information required by TI-LFA; TI-LFA operates within a single IGP domain. Option C is wrong because LDP is not a prerequisite for TI-LFA; in fact, Segment Routing can operate without LDP by using IGP-distributed labels (Prefix-SIDs), and TI-LFA is designed for SR-based networks. Option D is wrong because RSVP-TE with FRR is a separate MPLS fast-reroute mechanism that requires explicit tunnel signaling and resource reservation, whereas TI-LFA is a topology-based, signaling-free protection mechanism that works with Segment Routing and a link-state IGP.

39
MCQmedium

The CE router behind the VRF interface is unable to reach the remote CE. Which configuration error is most likely the cause?

A.The BGP neighbor is configured with a directly connected interface address but uses update-source Loopback0.
B.The VRF is missing the 'rd' command.
C.The 'mpls ip' command is missing on the core interface.
D.The VRF interface does not have an IP address.
AnswerA

This mismatch causes BGP to try to source from the loopback while expecting a session to the interface address, likely leading to session failure.

Why this answer

The BGP neighbor is defined using the directly connected interface address 10.0.0.2, but the update-source is set to Loopback0. This mismatch prevents the BGP session from establishing because the router expects the neighbor to be reachable via the loopback. The neighbor should be the remote PE's loopback address.

40
Multi-Selecthard

Which two are characteristics of the Anycast SID in Segment Routing? (Choose two.)

Select 2 answers
A.It identifies an adjacency between two routers.
B.It is typically used as an Adj-SID for load balancing.
C.It is unique per node and identifies a specific router.
D.It provides redundancy and fast convergence by allowing traffic to be rerouted to another router.
E.It is shared among multiple routers in the same anycast group.
AnswersD, E

If one anycast router fails, traffic goes to another.

Why this answer

E correct: multiple nodes can advertise the same Anycast SID, enabling load balancing. D correct: Anycast SID is used for redundancy and fast convergence. C wrong: Node-SID is unique. A wrong: Anycast SID is not for adjacency. B wrong: The Anycast SID is advertised with a prefix SID type, not an Adj-SID type.

41
MCQhard

An engineer is troubleshooting an MPLS VPN issue where CE1 cannot ping CE2 across the provider network. The PE routers are configured with MP-BGP and LDP. On PE1, 'show ip bgp vpnv4 vrf CUST' shows the route to CE2's loopback as valid, but 'show mpls forwarding-table' does not list a label for that prefix. What is the most likely cause?

A.MTU mismatch on the MPLS core interfaces
B.LDP is not enabled on the core link between PE1 and P
C.Route target mismatch between PE1 and PE2
D.BGP session between PE1 and PE2 is not established
AnswerC

Incorrect RT prevents the VPN label from being installed in the forwarding table despite BGP advertisement.

Why this answer

The route is present in the VRF BGP table on PE1 (valid), but no MPLS label is assigned for that prefix in the forwarding table. This indicates that PE1 has learned the route via MP-BGP but cannot install it into the MPLS forwarding table because the route target (RT) import policy on PE1 does not match the RT export policy on PE2. Without a matching RT, PE1 does not consider the VPNv4 route as belonging to the CUST VRF, so it cannot resolve the next hop or assign a label for forwarding.

Exam trap

Cisco often tests the distinction between BGP route validity (learned via MP-BGP) and VRF route installation (controlled by RT import), leading candidates to mistakenly suspect BGP session or LDP issues when the real problem is a route target mismatch.

How to eliminate wrong answers

Option A is wrong because an MTU mismatch on core interfaces would cause fragmentation or packet drops, not a missing label in the MPLS forwarding table for a specific VPN prefix. Option B is wrong because LDP not being enabled on the core link would prevent label assignment for all transit prefixes, not just a single VPN route, and the issue here is specific to a VRF route. Option D is wrong because if the BGP session between PE1 and PE2 were not established, the route to CE2's loopback would not appear as valid in 'show ip bgp vpnv4 vrf CUST'; the route is present, so the session is up.

42
MCQmedium

A network operator is configuring RSVP-TE tunnels for traffic engineering in an MPLS core. They want to enforce that the tunnel path strictly follows a predefined set of hops. Which explicit path option should be used?

A.Exact
B.Loose
C.Strict
D.Dynamic
AnswerC

Strict explicit path requires each hop to be adjacent.

Why this answer

The 'strict' keyword enforces that each hop is directly connected. Option B is incorrect because 'loose' allows intermediate hops. Option D is incorrect because 'dynamic' computes the path automatically. Option A is incorrect because 'exact' is not a standard keyword for explicit paths.

43
Drag & Dropmedium

Drag and drop the steps for the BGP route selection process (best path selection) in order.

Why this order

BGP best path selection follows a specific order: weight, local preference, locally originated, AS_PATH length, MED.

44
MCQeasy

An SP network engineer is designing a new segment routing traffic engineering deployment within a single IGP area. The network consists of 50 core routers running IS-IS and MPLS. The engineer needs to steer traffic from Router A to Router D over a path that avoids high latency links. Which technology should be used to define and instantiate the explicit path?

A.Use LDP to distribute labels and rely on IGP shortest path.
B.Set up a Path Computation Element (PCE) and delegate path computation.
C.Implement BGP LU to create an explicit path via local policies.
D.Configure an SR-TE policy with an explicit path using segment lists.
AnswerD

SR-TE policies provide explicit path steering via segment lists specifying nodes or adjacency SIDs.

Why this answer

Option D is correct: SR-TE policies with explicit paths allow steering traffic over a specific sequence of nodes or links using segment lists. Option B is wrong because PCE can be used but is not required for explicit paths; the policy can be configured locally. Option A is wrong because LDP is label distribution, not path steering. Option C is wrong because BGP-LU distributes labels for BGP prefixes, not TE.

45
Multi-Selectmedium

Which two statements about MPLS label distribution are correct? (Choose two)

Select 2 answers
A.RSVP-TE allocates labels based on LDP.
B.LDP can establish sessions with non-directly connected neighbors using targeted LDP.
C.LDP uses the BGP next-hop as the label FEC.
D.LDP distributes labels for all IGP routes in the routing table.
E.TDP is the Cisco proprietary version of LDP.
AnswersB, D

Targeted LDP allows LDP sessions between non-adjacent routers.

Why this answer

LDP distributes labels for IGP routes and supports targeted sessions for non-directly connected neighbors. TDP is deprecated, RSVP-TE allocates labels for TE, and LDP uses IGP next-hop.

46
Multi-Selectmedium

Which THREE steps are required when configuring MPLS L3VPN on a PE router? (Choose three.)

Select 3 answers
A.Configure BGP on the CE router to advertise routes to PE
B.Create a VRF definition
C.Configure BGP address-family ipv4 vrf to exchange VPN routes
D.Configure route-target import/export using route-map
E.Assign the customer-facing interface to the VRF
AnswersB, C, E

The VRF must be created on the PE.

Why this answer

To configure MPLS L3VPN, you must: create a VRF (step B), assign an interface to the VRF (step E), configure BGP to exchange VPN routes (step C). Step D is optional (route-target export/import is done via route-map or configuration). Step A is done on CE, not PE.

47
MCQeasy

A network engineer is designing an MPLS core using Segment Routing. They want to minimize label stack depth while still providing fast convergence using TI-LFA. Which prefix-SID assignment strategy should be used?

A.Assign a node-SID to each loopback interface
B.Use per-interface label mode from SRGB
C.Allocate labels per-VRF on PE routers
D.Advertise prefix-SIDs for all IGP prefixes
AnswerD

Prefix-SIDs enable TI-LFA with minimal label depth.

Why this answer

Option D is correct because advertising prefix-SIDs for all IGP prefixes allows TI-LFA to compute backup paths using any prefix in the network, not just loopbacks. This minimizes label stack depth by enabling TI-LFA to use a single prefix-SID for the repair path, avoiding the need for additional labels or explicit path constructs. Fast convergence is achieved because TI-LFA precomputes a backup next-hop that can be activated immediately upon failure, and having all prefixes as SIDs ensures the backup path can be expressed with minimal label imposition.

Exam trap

Cisco often tests the misconception that node-SIDs (loopbacks) are sufficient for TI-LFA, but the trap is that TI-LFA requires prefix-SIDs for all prefixes to achieve optimal label stack depth and fast convergence, as node-SIDs alone may force deeper stacks or suboptimal backup paths.

How to eliminate wrong answers

Option A is wrong because assigning a node-SID only to loopback interfaces restricts TI-LFA to using only those loopback addresses as repair targets, which may force deeper label stacks or suboptimal backup paths when the failure involves a non-loopback prefix. Option B is wrong because per-interface label mode from SRGB is used for adjacency-SIDs, not for prefix-SIDs, and TI-LFA relies on prefix-SIDs for fast reroute; adjacency-SIDs would increase label stack depth and are not designed for TI-LFA's loop-free alternate computation. Option C is wrong because per-VRF label allocation on PE routers is a BGP/MPLS VPN concept unrelated to Segment Routing prefix-SID assignment and does not affect TI-LFA convergence or label stack depth in the MPLS core.

48
MCQhard

In an MPLS L3VPN network, a customer has overlapping IP addresses between two VPNs. The provider edge routers are configured with VRF instances. Which method ensures that traffic from one VPN does not leak into the other when using MPLS labels?

A.Assign different MPLS label ranges to each VRF.
B.Apply BGP community strings to filter routes.
C.Use distinct route targets for import and export per VRF.
D.Configure different route distinguishers for each VPN.
AnswerC

RTs control which routes are imported into a VRF, preventing leakage.

Why this answer

The correct method is to import/export route targets correctly to keep VPN routes separate. Option D is incorrect because route distinguishers only make routes unique; they don't prevent leaking. Option A is incorrect because label allocation is per VRF, but leaking occurs due to route import policies. Option B is incorrect because BGP communities are used for route filtering, but RT is the standard mechanism.

49
MCQmedium

Which BGP extended community is used to signal the OSPF domain ID between PE routers in an MPLS L3VPN when OSPF is the PE-CE protocol?

A.Site of Origin
B.OSPF Domain ID
C.OSPF Route Type
D.Route Target
AnswerB

This community specifically carries the OSPF domain ID.

Why this answer

In an MPLS L3VPN where OSPF is the PE-CE protocol, the OSPF Domain ID extended community is used to signal the OSPF domain identifier between PE routers. This allows the receiving PE to determine whether the OSPF route originated from the same OSPF domain (and thus should be redistributed as an intra-area or inter-area route) or from a different domain (requiring a Type 5 LSA). The OSPF Domain ID is carried as a BGP extended community (type 0x0005 or 0x8005) and is critical for maintaining OSPF route type semantics across the MPLS backbone.

Exam trap

Cisco often tests the confusion between the OSPF Domain ID and the OSPF Route Type extended communities, where candidates mistakenly think the Route Type carries the domain information, but in reality the Route Type only encodes the OSPF path type and metric, while the Domain ID identifies the originating OSPF domain.

How to eliminate wrong answers

Option A is wrong because the Site of Origin (SoO) extended community is used to prevent routing loops in MPLS L3VPN environments, not to signal the OSPF domain ID. Option C is wrong because the OSPF Route Type extended community carries the OSPF route type (e.g., intra-area, inter-area, external) and the metric type, but it does not convey the domain identifier. Option D is wrong because the Route Target extended community controls VPN route import/export between VRF instances and has no role in signaling OSPF domain identity.

50
MCQmedium

Refer to the exhibit. An engineer is troubleshooting packet loss in the MPLS core. For prefix 10.3.3.0/24, the outgoing label is 'Untagged'. What does this indicate?

A.The packet will have an implicit null label (label 3) imposed
B.The prefix is not reachable and packets will be dropped
C.The outgoing label is the same as the local label (label 18)
D.No MPLS label is being imposed on outgoing packets for this prefix
AnswerD

Untagged means no label.

Why this answer

When the outgoing label for a prefix in the MPLS forwarding table shows 'Untagged', it means that for packets destined to that prefix, no MPLS label is imposed. The router will forward the packet as a standard IP packet (without an MPLS header) out the egress interface. This typically occurs when the next-hop router has signaled an implicit null label (label 3) via LDP, instructing the upstream router to pop the label stack and send the packet as IP.

Exam trap

Cisco often tests the distinction between 'Untagged' (meaning no label is imposed, typically due to PHP with implicit null) and 'Pop' (which explicitly indicates the label is removed), leading candidates to confuse the two or incorrectly associate 'Untagged' with unreachability.

How to eliminate wrong answers

Option A is wrong because an implicit null label (label 3) causes the upstream router to pop the top label and forward the packet without any label, not to impose label 3. Option B is wrong because 'Untagged' does not indicate unreachability; the prefix is reachable and packets are forwarded as IP. Option C is wrong because the outgoing label being the same as the local label (label 18) would be described as 'Pop' or 'Implicit Null', not 'Untagged'.

51
MCQhard

A network operator is deploying Segment Routing with TI-LFA across an OSPF network. After configuring OSPF with 'segment-routing mpls' and 'fast-reroute per-prefix', they notice that backup paths are not being installed for some prefixes. 'Show ip ospf segment-routing protected' shows 'No FRR backup' for those prefixes. What is a possible reason?

A.LDP label distribution is still active
B.The prefix-SID index is not globally unique
C.OSPF does not support TI-LFA for per-prefix prefixes
D.Adjacency-SIDs are not configured on neighboring routers
AnswerD

TI-LFA uses adjacency-SIDs to create the repair path.

Why this answer

Option D is correct because TI-LFA (Topology Independent Loop-Free Alternate) for per-prefix fast-reroute in OSPF requires that adjacency-SIDs be configured on neighboring routers. Without adjacency-SIDs, OSPF cannot compute the necessary repair paths to provide backup protection, resulting in 'No FRR backup' for those prefixes.

Exam trap

Cisco often tests the misconception that TI-LFA works automatically with just 'fast-reroute per-prefix', when in fact adjacency-SIDs are a prerequisite for the repair path computation in OSPF.

How to eliminate wrong answers

Option A is wrong because LDP label distribution being active does not prevent OSPF from installing TI-LFA backup paths; OSPF Segment Routing and LDP can coexist, and the issue is specifically about SR-TI-LFA operation. Option B is wrong because a non-globally unique prefix-SID index would cause label conflicts or forwarding issues, but it would not prevent the installation of backup paths via TI-LFA; the 'No FRR backup' output indicates a failure in repair path computation, not a label allocation problem. Option C is wrong because OSPF does support TI-LFA for per-prefix prefixes when properly configured with adjacency-SIDs; the statement that OSPF does not support it is incorrect.

52
MCQeasy

A service provider is migrating from a legacy MPLS network using LDP to Segment Routing (SR-MPLS). They have enabled SR on all routers and are using IS-IS. The migration plan is to keep LDP running alongside SR during the transition. After enabling SR, some traffic is being forwarded using the SR path, but the network operator notices that some CEs in an L2VPN are experiencing packet loss during failover scenarios. Troubleshooting shows that the primary pseudowire is using SR labels, but the backup pseudowire is still using LDP labels. The backup path is not working correctly. What is the most likely cause?

A.The backup path uses a different IGP metric
B.The backup pseudowire is still using LDP labels and the LDP session for the backup path is down
C.The MTU on the backup path is smaller than on the primary
D.The prefix-SID for the remote PE is missing in the SR-TE database
AnswerB

If LDP sessions are down for the backup path, the backup pseudowire cannot use SR labels, leading to packet loss.

Why this answer

During coexistence of LDP and SR, there might be a mismatch in label switching. The backup pseudowire might be using LDP labels that are not consistent with the SR forwarding plane. The most likely cause is that the backup path is not properly programmed to use SR labels, or the LDP session for the backup path is down.

The correct action is to ensure that the pseudowire's backup signaling is using the same transport mechanisms as the primary, or to disable LDP gradually.

53
MCQhard

An MPLS network is experiencing micro-loops during convergence after a link failure. The network uses LDP and IS-IS as IGP. Which of the following solutions can prevent micro-loops during IGP convergence without requiring additional protocols?

A.Implement MPLS-TE FRR using bypass tunnels.
B.Enable BGP PIC (Prefix Independent Convergence).
C.Configure LFA (Loop-Free Alternate) on the IGP.
D.Deploy RSVP-TE with fast-reroute.
AnswerC

LFA computes backup paths that avoid loops during convergence.

Why this answer

Loop-free alternates (LFA) provide fast convergence and micro-loop avoidance. Option B is incorrect because BGP PIC is for BGP convergence. Option D is incorrect because RSVP-TE is separate. Option A is incorrect because MPLS-TE FRR is for RSVP-TE tunnels.

54
MCQmedium

A service provider is deploying MPLS L2VPN using Virtual Private Wire Service (VPWS). After configuration, the two CEs cannot ping each other. The PE routers show the xconnect interface is up, but no MAC addresses are learned. What is the most likely cause?

A.The MTU on the core links is less than 1500
B.The control word is enabled on one PE but not the other
C.The VC ID mismatch between the two PEs
D.The encapsulation type on the AC is different on the two PEs
AnswerC

VC ID must match for the pseudowire to be established.

Why this answer

If the attachment circuit (AC) is up but no MAC learning occurs, the issue is likely that the MPLS core LSP is not available for the pseudowire. The pseudowire status may be down due to LSP issues. VC ID mismatch would cause the pseudowire to not come up.

MTU or encapsulation issues would show errors.

55
Multi-Selecteasy

Which TWO are characteristics of Segment Routing (SR-MPLS)? (Choose two.)

Select 2 answers
A.It relies on source routing
B.It requires a centralized controller for traffic engineering
C.It forwards packets based on destination IP address at each hop
D.It requires MPLS LDP for label distribution
E.It supports both MPLS and IPv6 data planes
AnswersA, E

SR performs source routing by encoding the path as a segment list.

Why this answer

Segment Routing uses source routing where the source specifies the path as a list of segments. It does not require LDP or RSVP-TE. It can use both MPLS and IPv6 data planes.

Option B is wrong because SR does not require a centralized controller by default (though it can be used with one). Option C is wrong because SR allows intermediate nodes to forward based on the top segment, not IP address.

56
MCQmedium

A service provider is migrating from LDP to Segment Routing in its MPLS core. The team has enabled IS-IS as the IGP and configured segment routing under the IS-IS process on all core routers. However, after the migration, some LSPs are not being signaled correctly and traffic is blackholing. Which action should be taken to ensure seamless interworking between LDP and SR during the migration?

A.Configure 'segment-routing mpls sr-prefer' under the IS-IS process.
B.Change the IGP to OSPF with segment routing enabled.
C.Remove the 'mpls ldp' configuration from all routers that have SR enabled.
D.Enable 'mpls ldp igp sync' on the IGP interfaces.
AnswerA

This ensures the router prefers SR labels but still allocates LDP labels for backward compatibility.

Why this answer

Option A is correct because during migration, both LDP and SR need to signal the same labels. The 'segment-routing mpls sr-prefer' command tells the router to prefer SR labels but still maintain LDP forwarding entries for fallback. Option C is incorrect because removing LDP globally would cause loss of LDP sessions for routers not yet SR-capable.

Option D is incorrect because 'mpls ldp igp sync' is for LDP-IGP synchronization, not SR-LDP interworking. Option B is incorrect because OSPF is not the IGP in use.

57
MCQmedium

Which BGP address family must be used to exchange VPNv4 routes between PE routers in an MPLS L3VPN?

A.RT constraint
B.IPv4 unicast
C.L2VPN VPLS
D.VPNv4 unicast
AnswerD

VPNv4 unicast is the correct address family for exchanging VPN-IPv4 routes.

Why this answer

In an MPLS L3VPN, VPNv4 routes carry both the IPv4 prefix and the Route Distinguisher (RD) to ensure uniqueness across overlapping customer address spaces. The VPNv4 unicast address family (address-family ipv4 vpn) is the mandatory BGP address family used between PE routers to exchange these VPNv4 routes, enabling MPLS-based VPN reachability.

Exam trap

Cisco often tests the distinction between the address family used for route exchange (VPNv4 unicast) versus the filtering mechanism (RT constraint), leading candidates to confuse the RT constraint address family as the primary exchange method.

How to eliminate wrong answers

Option A is wrong because the RT constraint (Route Target constraint) address family is used to filter route advertisements based on RT membership, not to exchange VPNv4 routes themselves. Option B is wrong because IPv4 unicast address family carries only standard IPv4 routes without RD or VPN attributes, making it unsuitable for MPLS L3VPN route exchange. Option C is wrong because L2VPN VPLS address family is used for Layer 2 VPN services like Virtual Private LAN Service, not for Layer 3 VPNv4 route exchange.

58
MCQhard

Refer to the exhibit. An engineer is configuring Segment Routing for BGP (BGP-SR) on a PE router to assign labels to prefixes learned from a CE. The route-policy SET-LABEL is applied to the neighbor under the address-family ipv4 unicast. However, the CE prefix 10.1.1.0/24 is not receiving the label. What is the most likely reason?

A.The route-policy syntax is incorrect; 'destination' should be 'ip prefix-list'.
B.The update-source should be the interface facing the CE, not Loopback0.
C.The neighbor is missing 'send-community extended' under address-family ipv4 unicast.
D.The 'set label-index' command should be 'set label' for BGP-SR.
AnswerC

BGP-SR uses the prefix-SID attribute carried in extended communities; without this, labels are not advertised.

Why this answer

For BGP-SR (Segment Routing for BGP) to advertise labels for prefixes learned from a CE, the neighbor must be configured with 'send-community extended' under the address-family. This is because BGP-SR uses the BGP Prefix-SID attribute, which is carried as an extended community. Without this command, the PE will not send the label information to the CE, even if the route-policy is correctly applied.

Exam trap

Cisco often tests the requirement for 'send-community extended' in BGP-SR scenarios, as candidates may focus on route-policy syntax or interface settings and overlook the mandatory community advertisement needed to carry the label attribute.

How to eliminate wrong answers

Option A is wrong because 'destination' is a valid route-policy match keyword in Cisco IOS XR that can match a specific prefix; it is not required to use 'ip prefix-list'. Option B is wrong because the update-source Loopback0 is correct for BGP peering with the CE; the issue is not about the source interface but about missing extended community advertisement. Option D is wrong because 'set label-index' is used for SR-MPLS TE to assign a label index, while BGP-SR uses 'set label' to assign an absolute label value; however, the question states the prefix is not receiving any label, and the missing 'send-community extended' is the root cause.

59
Drag & Dropmedium

Drag and drop the steps to configure a PPPoE client on a Cisco router into the correct order.

Why this order

PPPoE client configuration involves creating a dialer interface, setting encapsulation, dialer pool, authentication, and IP address.

60
Multi-Selecthard

In an MPLS L3VPN network, a route reflector (RR) is used to distribute VPNv4 routes between PE routers. After a new PE router (PE4) is added, some VPN routes are not being received by other PEs. Which TWO actions should be investigated to resolve the issue? (Choose two.)

Select 2 answers
A.Ensure the VRF route-target import/export values are correctly configured on the new PE.
B.Configure OSPF as an additional IGP to redistribute VPN routes.
C.Verify that BGP VPNv4 neighbor relationship is established between the new PE and the RR.
D.Check physical connectivity and IGP adjacency between the new PE and the RR.
E.Issue a 'clear ip bgp * refresh' on the RR.
AnswersA, C

Mismatched RTs prevent routes from being imported into the VRF.

Why this answer

Option C is correct because the RR must have an MP-BGP session to the new PE. Option A is correct because VRF import/export policies using route targets must match the community values expected by other PEs. Option D is unnecessary if underlay connectivity exists.

Option E is incorrect because route refresh does not fix missing policy. Option B is incorrect because OSPF is not used in the core for VPN route exchange.

61
MCQhard

A service provider is designing a new MPLS core network using Segment Routing with MPLS data plane. They require traffic engineering capabilities to optimize bandwidth utilization. Which technology should be used to compute optimal paths based on IGP link attributes and bandwidth constraints?

A.RSVP-TE with FRR
B.LDP over SR
C.SR-TE (Segment Routing Traffic Engineering)
D.OSPF with MPLS-TE extensions
AnswerC

SR-TE computes paths using segment lists and can enforce bandwidth constraints.

Why this answer

SR-TE (Segment Routing Traffic Engineering) is the correct choice because it uses a centralized or distributed controller to compute optimal paths based on IGP link attributes (such as metric, TE metric, affinity) and bandwidth constraints, encoding the path as a segment list in the packet header. Unlike RSVP-TE, SR-TE does not require per-flow state in the core routers, making it more scalable for bandwidth optimization in an MPLS Segment Routing network.

Exam trap

Cisco often tests the misconception that OSPF with MPLS-TE extensions alone provides traffic engineering, but in reality, it only advertises link attributes and requires a separate path computation mechanism like SR-TE or RSVP-TE to enforce TE paths.

How to eliminate wrong answers

Option A is wrong because RSVP-TE with FRR is a traditional MPLS TE solution that requires per-tunnel state maintenance and signaling, which contradicts the stateless nature of Segment Routing and does not leverage IGP link attributes for path computation in the same way as SR-TE. Option B is wrong because LDP over SR is a label distribution mechanism that provides basic MPLS forwarding but lacks traffic engineering capabilities to compute optimal paths based on bandwidth constraints or link attributes. Option D is wrong because OSPF with MPLS-TE extensions only floods TE link attributes (via opaque LSAs) but does not compute or enforce traffic-engineered paths; it requires an external component like RSVP-TE or SR-TE to perform the actual path computation.

62
Multi-Selectmedium

Which TWO statements correctly describe Segment Routing characteristics? (Select two.)

Select 2 answers
A.All routers must be configured with the same SRGB value
B.The path is encoded as a label stack at the source router
C.Label distribution does not rely on LDP or RSVP
D.SR eliminates all per-prefix state from core routers
E.Traffic engineering policies are distributed via BGP without any IGP extension
AnswersB, C

SR uses a label stack to specify the path.

Why this answer

Option B is correct because Segment Routing (SR) encodes the forwarding path as an ordered list of segment identifiers (SIDs) pushed onto a label stack at the source router. This source-routing paradigm allows the ingress node to specify the exact path through the network without requiring intermediate routers to maintain per-flow state.

Exam trap

Cisco often tests the misconception that SR eliminates all per-prefix state from core routers, but in reality, core routers still maintain IGP per-prefix state and may hold SR-MPLS labels for those prefixes.

63
MCQhard

A service provider is troubleshooting an MPLS L3VPN issue where a CE router is receiving the VPN route from the PE but cannot ping the remote CE's loopback. The PE shows that the VPN label is assigned but cannot route the packets. Which command would help determine if the remote PE is correctly resolving the BGP next-hop via IGP?

A.show ip route bgp
B.show mpls ldp neighbor
C.show ip route vrf CUST
D.show mpls forwarding-table vrf CUST
AnswerA

Shows the BGP route and its next-hop reachability (via IGP).

Why this answer

Option A, 'show ip route bgp', is correct because the issue is that the remote PE cannot route packets to the BGP next-hop of the VPN route. The CE receives the route, but the PE cannot forward packets, indicating a missing or incorrect IGP route to the next-hop address. This command displays BGP routes in the global routing table, allowing you to verify if the next-hop is reachable via IGP (e.g., OSPF or IS-IS) and if the recursive routing is successful.

Exam trap

Cisco often tests the distinction between VRF-specific commands and global routing table commands; the trap here is that candidates assume 'show ip route vrf CUST' will show the next-hop reachability, but it only shows the VPN route itself, not the underlying IGP route required for recursive forwarding.

How to eliminate wrong answers

Option B is wrong because 'show mpls ldp neighbor' checks LDP session status and label exchange between directly connected LSRs, but it does not verify IGP reachability to the BGP next-hop, which is the root cause here. Option C is wrong because 'show ip route vrf CUST' shows routes within the VRF, including the VPN route received from the remote PE, but it does not show the global IGP route to the BGP next-hop; the issue is in the global routing table, not the VRF. Option D is wrong because 'show mpls forwarding-table vrf CUST' displays the MPLS forwarding entries for the VRF, including the VPN label and outgoing interface, but it does not reveal whether the BGP next-hop is reachable via IGP; the forwarding table assumes the next-hop is reachable, which is the problem here.

64
MCQmedium

A service provider is deploying MPLS-TE with RSVP-TE in their core network. They notice that some LSPs are not being established due to resource contention. Which action would best address this issue without redesigning the entire traffic engineering deployment?

A.Enable preemption on RSVP-TE LSPs with appropriate priority levels.
B.Increase the bandwidth of all core links.
C.Configure LSP path-option explicit paths with strict hops.
D.Disable RSVP-TE and use LDP for label distribution.
AnswerA

Preemption allows higher-priority LSPs to take resources from lower-priority ones, resolving contention dynamically.

Why this answer

Enabling preemption on RSVP-TE LSPs with appropriate setup and hold priorities allows higher-priority LSPs to tear down lower-priority LSPs to free up bandwidth, resolving resource contention without redesigning the entire TE deployment. This is the standard mechanism defined in RFC 3209 for managing bandwidth contention in MPLS-TE networks.

Exam trap

Cisco often tests the misconception that explicit path configuration or bandwidth upgrades are the primary solutions for resource contention, when in fact preemption priorities are the designed mechanism for dynamic contention resolution in RSVP-TE.

How to eliminate wrong answers

Option B is wrong because increasing the bandwidth of all core links is a costly, non-scalable approach that may not be feasible and does not address the root cause of contention; it also requires a network redesign. Option C is wrong because configuring LSP path-option explicit paths with strict hops forces a specific path but does not resolve bandwidth contention on those links; it may even worsen contention by not allowing dynamic rerouting. Option D is wrong because disabling RSVP-TE and using LDP for label distribution removes traffic engineering capabilities entirely, as LDP does not support bandwidth reservation or explicit path control, which would not solve the resource contention issue.

65
MCQeasy

An MPLS core network uses LDP to distribute labels. An engineer wants to verify that the LDP session between two routers is up and exchanging labels. Which command should be used?

A.show mpls interfaces
B.show mpls l2transport binding
C.show mpls ldp neighbor
D.show mpls forwarding-table
AnswerC

Displays LDP neighbors and session state.

Why this answer

The command 'show mpls ldp neighbor' displays the status of LDP sessions, including the neighbor's IP address, session state (e.g., Operational), and label exchange activity. Since LDP is the protocol used to distribute labels in this MPLS core network, this command directly verifies that the session is up and exchanging labels between the two routers.

Exam trap

Cisco often tests the distinction between verifying the LDP session itself (show mpls ldp neighbor) versus verifying the results of label exchange (show mpls forwarding-table), leading candidates to confuse the output of label distribution with the state of the label distribution protocol.

How to eliminate wrong answers

Option A is wrong because 'show mpls interfaces' displays which interfaces are enabled for MPLS and their LDP or TDP status, but it does not show LDP session state or label exchange with a specific neighbor. Option B is wrong because 'show mpls l2transport binding' is used for Layer 2 VPN (L2VPN) pseudowire label bindings, not for verifying LDP session status. Option D is wrong because 'show mpls forwarding-table' displays the LFIB (Label Forwarding Information Base) entries, which are the result of label exchange, but it does not show the LDP session state or neighbor adjacency.

66
MCQhard

An engineer is troubleshooting MPLS traffic engineering tunnels and needs to verify path calculation and RSVP errors. Which command should be used?

A.show ip route
B.show mpls ldp neighbor
C.show mpls traffic-eng tunnels
D.debug mpls lfib errors
AnswerC

This command provides details on TE tunnels, including path computation and signaling status.

Why this answer

Option C is correct because the 'show mpls traffic-eng tunnels' command displays detailed information about MPLS TE tunnels, including path calculation status, RSVP signaling errors, and tunnel state. This command is specifically designed to verify TE tunnel operations and troubleshoot issues such as path computation failures or RSVP resource reservation problems.

Exam trap

Cisco often tests the distinction between MPLS TE-specific commands and general MPLS or routing commands, so the trap here is that candidates might confuse 'show mpls ldp neighbor' (for LDP-based label distribution) with TE tunnel verification, or mistakenly think 'debug mpls lfib errors' is appropriate for RSVP path errors when it actually targets LFIB corruption issues.

How to eliminate wrong answers

Option A is wrong because 'show ip route' displays the IP routing table and is not relevant to MPLS TE tunnel path calculation or RSVP error verification. Option B is wrong because 'show mpls ldp neighbor' shows LDP neighbor relationships, which are used for label distribution in non-TE MPLS, not for TE tunnel path calculation or RSVP signaling. Option D is wrong because 'debug mpls lfib errors' debugs Label Forwarding Information Base (LFIB) errors, which is a debugging tool for label forwarding issues, not for verifying TE tunnel path calculation or RSVP errors.

67
Multi-Selecthard

Which THREE are valid methods to provide fast convergence in an MPLS/Segment Routing network? (Select three.)

Select 3 answers
A.BGP Prefix Independent Convergence (PIC)
B.Topology-Independent LFA (TI-LFA)
C.Loop-Free Alternate (LFA)
D.RSVP-TE Fast Reroute (FRR)
E.IP Fast Reroute (IPFRR)
AnswersB, C, D

TI-LFA works with SR and provides node/link protection.

Why this answer

B is correct because Topology-Independent LFA (TI-LFA) provides fast convergence in Segment Routing networks by computing a backup path that is guaranteed to be loop-free regardless of the network topology. It leverages the Segment Routing data plane to pre-install a repair path using a segment list, enabling sub-50ms failover without relying on IGP convergence.

Exam trap

Cisco often tests the distinction between IPFRR (which is IP-layer only) and TI-LFA/LFA/RSVP-TE FRR (which are MPLS/Segment Routing-specific), so candidates mistakenly select IPFRR because it sounds similar to LFA, but it does not apply to MPLS/Segment Routing networks.

68
MCQmedium

A service provider is migrating their MPLS core network to Segment Routing (SR-MPLS). All existing core routers run IOS-XR and are configured with an SRGB of 16000-23999 and OSPF as the IGP. A new router (R5) is added as a PE. The engineer configures R5 with the same SRGB and enables segment-routing under OSPF. However, when configuring an SR-TE policy from R5 to the remote loopback 10.0.0.1 on R1, the policy remains down. Show commands reveal that R5 is not learning the prefix-SID for 10.0.0.1. On R1, the prefix-SID is configured with index 100. The engineer verifies that OSPF adjacencies are up and that R5 can ping 10.0.0.1. What is the most likely cause of the issue?

A.The OSPF process on R5 is not configured with segment-routing mpls.
B.The SR-TE policy on R5 is missing the color attribute.
C.R1 is not configured with the same SRGB as R5.
D.The prefix-SID index 100 is not within the SRGB range of R5 (16000-23999).
AnswerA

Without this command, R5 cannot exchange prefix-SID information via OSPF.

Why this answer

Option A is correct because without 'segment-routing mpls' under the OSPF process, R5 cannot participate in Segment Routing, meaning it does not advertise its own prefix-SIDs nor learn the prefix-SIDs of other routers. This prevents the SR-TE policy from obtaining the necessary label bindings. Option D is incorrect because index 100 maps to label 16100 (16000+100), which is within the SRGB range.

Option B is incorrect because while color is a key attribute in SR-TE policies, the policy can still be defined with a segment-list; however, the primary issue here is the lack of prefix-SID learning. Option C is incorrect because the SRGB is consistent across all routers.

69
MCQeasy

In MPLS forwarding, what label operation does a transit LSR perform on the top label of a labeled packet?

A.Swap
B.None
C.Pop
D.Push
AnswerA

Swap is the correct operation for a transit LSR.

Why this answer

A transit Label Switch Router (LSR) in an MPLS network receives a labeled packet and must forward it toward the egress LSR. The core operation on the top label is a swap: the incoming label is replaced with an outgoing label learned from the downstream LSR via Label Distribution Protocol (LDP) or other label distribution protocols. This maintains the label-switched path (LSP) and ensures the packet continues along the correct path.

Exam trap

Cisco often tests the distinction between the roles of ingress, transit, and egress LSRs, and the trap here is that candidates confuse the transit LSR's swap operation with the penultimate hop's pop operation or the ingress LSR's push operation.

How to eliminate wrong answers

Option B (None) is wrong because a transit LSR must always perform a label operation on the top label to forward the packet; doing nothing would drop the packet or cause a forwarding loop. Option C (Pop) is wrong because pop (penultimate hop popping, PHP) is performed by the penultimate LSR (the LSR just before the egress), not by a generic transit LSR. Option D (Push) is wrong because push is performed by the ingress LSR when it first imposes a label on an unlabeled packet; a transit LSR receives an already-labeled packet and does not push an additional label.

70
MCQeasy

An engineer notices that MPLS VPN traffic is taking a suboptimal path because the MPLS label binding for the BGP next-hop loopback is missing. What is the most likely cause?

A.The remote PE is configured with a different VPN ID.
B.The local PE does not have a route to its own loopback.
C.LDP is not enabled on the core-facing interfaces.
D.LDP is not enabled on the PE-CE interface.
AnswerC

LDP on core interfaces is required to propagate labels for the loopback.

Why this answer

LDP must be enabled on core-facing interfaces to distribute labels for the loopback. If it is missing, no label is available.

71
MCQmedium

During an MPLS network migration from LDP to Segment Routing, an engineer notices that some routers are not advertising Prefix-SIDs for certain loopbacks. The IGP is OSPF. What configuration is required on these routers to advertise Prefix-SIDs?

A.Enable 'mpls ldp autoconfig' on the loopback interface.
B.Enable 'segment-routing mpls' globally and configure 'prefix-sid index' under the loopback interface.
C.Configure 'segment-routing mpls set-adjacency-sid' on the loopback.
D.Configure 'segment-routing mpls' globally and assign a SID index under the OSPF router process for the loopback.
AnswerD

This enables SR globally and assigns the Prefix-SID under OSPF.

Why this answer

In OSPF, Prefix-SIDs for loopbacks are advertised by configuring 'segment-routing mpls' globally and then assigning a SID index under the OSPF router process using the 'prefix-sid index' command for the specific loopback network. This ties the SID to the OSPF prefix advertisement, enabling SR-MPLS forwarding without LDP.

Exam trap

Cisco often tests the distinction between where Prefix-SID configuration is applied (under the IGP process) versus interface-level commands, leading candidates to mistakenly configure 'prefix-sid index' directly on the loopback interface.

How to eliminate wrong answers

Option A is wrong because 'mpls ldp autoconfig' enables LDP on the interface, which is not used for Segment Routing and would not advertise Prefix-SIDs. Option B is wrong because 'prefix-sid index' is configured under the OSPF router process, not directly under the loopback interface; the interface-level command does not exist for OSPF. Option C is wrong because 'segment-routing mpls set-adjacency-sid' is used to assign Adjacency-SIDs on interfaces, not Prefix-SIDs for loopbacks.

72
Multi-Selecthard

Which TWO commands are most effective to verify that an SR-TE policy is active and forwarding traffic? (Choose two.)

Select 2 answers
A.show segment-routing traffic-eng policy
B.show isis database verbose
C.show mpls forwarding-table labels
D.show segment-routing traffic-eng segment-list
E.show bgp labels
AnswersA, C

Shows the SR-TE policies, their state (active/inactive), and candidate paths.

Why this answer

To verify SR-TE policy, `show segment-routing traffic-eng policy` (A) shows policy status, candidate paths, and segment lists. `show mpls forwarding-table labels` (C) shows the forwarding entry for the SR-TE label, confirming installation. Option E shows BGP-LU labels, not SR-TE. Option B shows IGP segments, not SR-TE policy forwarding.

Option D shows segment list details but not active forwarding state.

73
MCQeasy

A service provider is deploying MPLS in their core network and wants to ensure that all routers in the MPLS domain can dynamically exchange label bindings. Which protocol should be enabled on all routers to meet this requirement?

A.LDP
B.OSPF
C.iBGP
D.RSVP-TE
AnswerA

LDP dynamically distributes labels for all prefixes in the IGP.

Why this answer

LDP is the standard protocol for distributing MPLS labels in a dynamic MPLS network. Option D is incorrect because RSVP-TE is used for traffic engineering, not basic label distribution. Option C is incorrect because iBGP carries VPN labels, not transport labels.

Option B is incorrect because OSPF does not distribute labels.

74
Multi-Selecthard

A network engineer is troubleshooting an LDP session failure between two directly connected routers. The routers are configured with the 'mpls ldp' command under the interface. The 'show mpls ldp neighbor' command shows no neighbors. Which two additional pieces of information should the engineer verify? (Choose two.)

Select 2 answers
A.Verify that the interface IP addresses are in the same subnet.
B.Verify that TCP port 646 is open on the interface ACL.
C.Verify that 'mpls ip' is enabled globally.
D.Verify that the LDP router IDs are reachable via routing.
E.Verify that OSPF is configured on the interface.
AnswersA, D

LDP hello messages are sent to the all-routers multicast address; mismatched subnets prevent discovery.

Why this answer

Option A is correct because LDP sessions are established only between directly connected LSRs when using the default 'mpls ldp' interface configuration. The LDP Hello messages are sent as UDP packets to the multicast address 224.0.0.2, and if the interface IP addresses are not in the same subnet, the Hello messages will not be received, preventing neighbor discovery.

Exam trap

Cisco often tests the distinction between LDP Hello (UDP multicast) and LDP session (TCP unicast), and candidates mistakenly focus on TCP ACLs or global MPLS commands instead of verifying subnet adjacency and router ID reachability.

75
MCQmedium

A service provider is using Segment Routing with TI-LFA for fast convergence. During a link failure, the router performing the local repair must compute a backup path that avoids the failed link. Which type of Adjacency Segment Identifier (Adj-SID) is required for the backup path to be loop-free?

A.Anycast Adj-SID
B.Unprotected Adj-SID
C.Protected Adj-SID
D.Backup Adj-SID
AnswerC

Protected Adj-SID enables fast reroute protection in SR networks.

Why this answer

TI-LFA requires the backup path to use a specific Adj-SID that steers traffic away from the failed link. The 'protected' Adj-SID is designed for this purpose. Option B is incorrect because 'unprotected' Adj-SID does not support fast reroute.

Option D is incorrect because there is no 'backup' Adj-SID; it's a property. Option A is incorrect because 'anycast' Adj-SID is used for anycast groups, not for FRR.
